Completely remove P-224 from the TLS stack. It already wasn't in the default list and no one enables it. Remove it altogether. (It's also gone from the current TLS 1.3 draft.) Change-Id: I143d07d390d186252204df6bdb8ffd22649f80e3 Reviewed-on: https://boringssl-review.googlesource.com/6775 Reviewed-by: Adam Langley <agl@google.com>

commit: 64d9250e2ffd0b959b6785aece9cea71a657fcee [log] [tgz]
author: David Benjamin <davidben@chromium.org> Sat Dec 19 02:20:57 2015 -0500
committer: Adam Langley <agl@google.com> Tue Dec 22 17:45:26 2015 +0000
tree: b4a40c4349010fc06c058f94e9fe51d1d19d72ec
parent: 8c2b3bf965b175b799cad0600496f3899a05663d [diff]
diff --git a/ssl/test/runner/runner.go b/ssl/test/runner/runner.go
index 6f2bb4e..2a32cd3 100644
--- a/ssl/test/runner/runner.go
+++ b/ssl/test/runner/runner.go

@@ -1691,14 +1691,13 @@
 		{
 			name: "UnsupportedCurve",
 			config: Config{
-				CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
-				// BoringSSL implements P-224 but doesn't enable it by
-				// default.
-				CurvePreferences: []CurveID{CurveP224},
+				CipherSuites:     []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
+				CurvePreferences: []CurveID{CurveP256},
 				Bugs: ProtocolBugs{
 					IgnorePeerCurvePreferences: true,
 				},
 			},
+			flags:         []string{"-p384-only"},
 			shouldFail:    true,
 			expectedError: ":WRONG_CURVE:",
 		},
@@ -4622,7 +4621,6 @@
 	name string
 	id   CurveID
 }{
-	{"P-224", CurveP224},
 	{"P-256", CurveP256},
 	{"P-384", CurveP384},
 	{"P-521", CurveP521},
commit	64d9250e2ffd0b959b6785aece9cea71a657fcee	[log] [tgz]
author	David Benjamin <davidben@chromium.org>	Sat Dec 19 02:20:57 2015 -0500
committer	Adam Langley <agl@google.com>	Tue Dec 22 17:45:26 2015 +0000
tree	b4a40c4349010fc06c058f94e9fe51d1d19d72ec
parent	8c2b3bf965b175b799cad0600496f3899a05663d [diff]